Posted to commits@camel.apache.org by as...@apache.org on 2021/02/12 16:38:26 UTC
[camel-k] 08/08: chore(rbac): Manage ClusterRoleBinding resources
during operator uninstall
This is an automated email from the ASF dual-hosted git repository.
astefanutti pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel-k.git
commit 206ef20cfd6753b752415da542db4fca41fa9b2d
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Fri Feb 12 15:33:19 2021 +0100
chore(rbac): Manage ClusterRoleBinding resources during operator uninstall
---
pkg/cmd/uninstall.go | 50 +++++++++++++++++++++++++++++++++++++++++++-------
1 file changed, 43 insertions(+), 7 deletions(-)
diff --git a/pkg/cmd/uninstall.go b/pkg/cmd/uninstall.go
index 21eb32a..45d9dad 100644
--- a/pkg/cmd/uninstall.go
+++ b/pkg/cmd/uninstall.go
@@ -21,17 +21,18 @@ import (
"context"
"fmt"
+ "github.com/pkg/errors"
+ "github.com/spf13/cobra"
"github.com/spf13/viper"
- "github.com/apache/camel-k/pkg/util/olm"
- "github.com/pkg/errors"
"k8s.io/client-go/kubernetes"
- "github.com/apache/camel-k/pkg/client"
- "github.com/apache/camel-k/pkg/util/kubernetes/customclient"
- "github.com/spf13/cobra"
k8serrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+ "github.com/apache/camel-k/pkg/client"
+ "github.com/apache/camel-k/pkg/util/kubernetes/customclient"
+ "github.com/apache/camel-k/pkg/util/olm"
)
func newCmdUninstall(rootCmdOptions *RootCmdOptions) (*cobra.Command, *uninstallCmdOptions) {
@@ -154,7 +155,7 @@ func (o *uninstallCmdOptions) uninstall(cmd *cobra.Command, _ []string) error {
return err
}
- if err = o.uninstallClusterWideResources(o.Context, c); err != nil {
+ if err = o.uninstallClusterWideResources(o.Context, c, o.Namespace); err != nil {
return err
}
@@ -181,7 +182,7 @@ func (o *uninstallCmdOptions) uninstallOperator(ctx context.Context, c client.Cl
return nil
}
-func (o *uninstallCmdOptions) uninstallClusterWideResources(ctx context.Context, c client.Client) error {
+func (o *uninstallCmdOptions) uninstallClusterWideResources(ctx context.Context, c client.Client, namespace string) error {
if !o.SkipCrd || o.UninstallAll {
if err := o.uninstallCrd(ctx, c); err != nil {
if k8serrors.IsForbidden(err) {
@@ -192,6 +193,15 @@ func (o *uninstallCmdOptions) uninstallClusterWideResources(ctx context.Context,
fmt.Printf("Camel K Custom Resource Definitions removed from cluster\n")
}
+ if err := o.removeSubjectFromClusterRoleBindings(ctx, c, namespace); err != nil {
+ if k8serrors.IsForbidden(err) {
+ // Let's print a warning message and continue
+ fmt.Println("Current user is not authorized to remove the operator ServiceAccount from the cluster role bindings")
+ } else if err != nil {
+ return err
+ }
+ }
+
if !o.SkipClusterRoleBindings || o.UninstallAll {
if err := o.uninstallClusterRoleBindings(ctx, c); err != nil {
if k8serrors.IsForbidden(err) {
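Review bot: When the call to `removeSubjectFromClusterRoleBindings` is forbidden, the added block prints a generic warning and the uninstall continues, so the `camel-k-operator` subject stays in the cluster role bindings even though the operator's ServiceAccount is presumably removed elsewhere in the uninstall. A binding that still names that namespace and account would apply again to any ServiceAccount later created there under the same name, so the warning should say what is left behind, e.g. `fmt.Printf("Cluster role bindings still reference ServiceAccount camel-k-operator in namespace %q; a cluster admin must remove it\n", namespace)`. The `else if err != nil` is redundant inside `if err := ...; err != nil` and can be a plain `else`. This step also runs regardless of `SkipClusterRoleBindings`, which looks intentional but deserves a one-line comment. The enclosing function starts and ends outside the hunk.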
@@ -331,6 +341,32 @@ func (o *uninstallCmdOptions) uninstallClusterRoles(ctx context.Context, c clien
return nil
}
+func (o *uninstallCmdOptions) removeSubjectFromClusterRoleBindings(ctx context.Context, c client.Client, namespace string) error {
+ api := c.RbacV1()
+
+ clusterRoleBindings, err := api.ClusterRoleBindings().List(ctx, defaultListOptions)
+ if err != nil {
+ return err
+ }
+
+ // Remove the subject corresponding to this operator install
+ for _, clusterRoleBinding := range clusterRoleBindings.Items {
+ for i, subject := range clusterRoleBinding.Subjects {
+ if subject.Name == "camel-k-operator" && subject.Namespace == namespace {
+ clusterRoleBinding.Subjects = append(clusterRoleBinding.Subjects[:i], clusterRoleBinding.Subjects[i+1:]...)
+ crb := &clusterRoleBinding
+ crb, err = api.ClusterRoleBindings().Update(ctx, crb, metav1.UpdateOptions{})
+ if err != nil {
+ return err
+ }
+ break
+ }
+ }
+ }
+
+ return nil
+}
+
func (o *uninstallCmdOptions) uninstallClusterRoleBindings(ctx context.Context, c client.Client) error {
api := c.RbacV1()
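Review bot: The subject match in the inner loop of `removeSubjectFromClusterRoleBindings` compares only `Name` and `Namespace`, so it never confirms the entry is a ServiceAccount; adding the kind makes the edit exact: `if subject.Kind == "ServiceAccount" && subject.Name == "camel-k-operator" && subject.Namespace == namespace {`. This matters most if `namespace` can ever be empty here, since User and Group subjects normally carry no namespace. Which bindings are listed and rewritten depends on `defaultListOptions`, defined outside this hunk; a doc comment on the function should state that selector and that a binding may be left with no subjects. An `Update` conflict currently aborts the whole uninstall, and the returned `crb` is never used, so `_, err = api.ClusterRoleBindings().Update(...)` would be cleaner.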